SANS ISC InfoSec Forums

Logs are underappreciated. We all collect them, but in a majority of organisations you will find that they are only ever looked at once something has gone wrong. Unfortunately, that is usually when people discover that they didn't collect "that" log, that timestamps are out of whack, that log files rolled over, etc. That is a pity, because log files can tell you quite a bit, as we are hoping to show throughout October as part of Cyber Security Awareness Month.

What have I been finding in my logs the last few weeks? SQLi of course. There was an increase in SQLi activity in the APAC region the past two weeks, but the one thing that caught my eye was a remote file inclusion attempt.